[Box-Admins] Access to the new server(s)
Chris Muller
asqueaker at gmail.com
Thu Sep 29 02:53:43 UTC 2016
Hi Dave, I think the first command establishes the tunnel to a port on
your localhost.
So enter the last command in a separate terminal window on your
machine instead of in the tunneling window, which does not accept
commands.
On Wed, Sep 28, 2016 at 6:53 PM, David T. Lewis <lewis at mail.msen.com> wrote:
> Thanks Tobias,
>
> I am not able to connect with variant (1). Probably I am doing something wrong,
> as I have little experience with ssh tunneling. This is what I see:
>
> lewis@lewis-Gazelle-Pro:~$ ssh -p1022 -lssh 104.130.6.82
> restrict shell, no commands #
> restrict shell, no commands # ssh -AN -L22221:10.176.197.150:22 -p1022 -lssh 104.130.6.82
> restrict shell, no commands # ssh -ldavidlewis -p22221 localhost
> restrict shell, no commands # ls
> restrict shell, no commands #
>
> Can you tell what I am doing wrong?
>
> Thanks,
> Dave
>
>
>
> On Wed, Sep 28, 2016 at 11:31:36AM +0200, Tobias Pape wrote:
>> Dear all
>>
>> [ACTIONS AT END]
>>
>> with retroactive blessing of Levente, I have now prepared eight VMs on Rackspace.
>> Here's the overview:
>>
>> =======================================================================================================================
>> Name     Name (ext)      intended use     Unix Users    Public Ports   Private Ports   Public IPv4      Private IPv4
>> -----------------------------------------------------------------------------------------------------------------------
>> ian      ssh.squeak.org  ssh-gateway      ssh           1022           22              104.130.6.82     10.208.225.29
>> alan     *.squeak.org    webserver        webteam       80, 443        22              104.239.229.92   10.176.200.8
>> adele    lists....       mailinglists     (tbd)         25, 587, 465   22, 8080        162.242.237.43   10.208.160.56
>> andreas  --------        source.squeak    chrismuller*  --------       22, 8080        irrelevant       10.208.161.222
>> dan      --------        squeaksource     davidlewis*   --------       22, 8080        irrelevant       10.176.197.150
>> ted      --------        squeak wiki+map  (tbd)         --------       22, 8080, 8081  irrelevant       10.176.130.111
>> david    --------        jenkins          (tbd)         --------       22, 8080        irrelevant       10.208.194.45
>> scott    --------        misc             (tbd)         --------       22, 8080, 8081  irrelevant       10.176.199.169
>> =======================================================================================================================
>>
>> Currently, Levente and I have sudo on all these machines. Users with * also do.
>>
>> Note that _no_ server exposes SSH on port 22 on a public IP. This is intentional to narrow attack vectors for script kiddies.
>> How to login?
>>
>> Ian is the ssh gateway so you have to connect to ian _first_ and use (1) local forwarding or (2) proxy jumping.
>> I have installed the Public keys from most of you for the 'ssh' user on ian.
>>
>> Please verify by
>> ssh -p1022 -lssh 104.130.6.82
>> you should see
>> restrict shell, no commands #
>> (you get out with ctrl-d, ctrl-c, or killing ssh)
>>
>> How to reach the other servers? Example for 'andreas'
>>
>> variant (1):
>> Do a local forward by
>> ssh -AN -L22221:10.176.200.8:22 -p1022 -lssh 104.130.6.82
>> and then
>> ssh -lYOURNAME -p22221 localhost
>> (-N maybe optional, but then you see 'restrict shell, no commands #')
>>
>> Or in your .ssh/config you can put
>>
>> Host ian.squeak.org
>> User ssh
>> Hostname 104.130.6.82
>> Port 1022
>> LocalForward 22221 10.176.200.8:22
>>
>> Host andreas.squeak.org
>> User YOURNAME
>> Hostname localhost
>> Port 22221
>>
>> And then say 'ssh -AN ian.squeak.org' and then 'ssh andreas.squeak.org'
>>
>> variant (2):
>> (a) You have OpenSSH >= 7.3
>> Do a Jump with
>> ssh -J ssh@104.130.6.82:1022 YOURNAME@10.176.200.8
>>
>> Or in your .ssh/config you can put
>>
>> Host ian.squeak.org
>> User ssh
>> Hostname 104.130.6.82
>> Port 1022
>>
>> Host andreas.squeak.org
>> User YOURNAME
>> Hostname 10.176.200.8
>> ProxyJump ian.squeak.org
>>
>> And then say 'ssh andreas.squeak.org'
>>
>> (b) You have OpenSSH >= 5.4
>> Do a Jump via
>> ssh -o ProxyCommand="ssh -lssh -p1022 -W %h:%p 104.130.6.82" YOURNAME@10.176.200.8
>>
>> Or in your .ssh/config you can put
>>
>> Host ian.squeak.org
>> User ssh
>> Hostname 104.130.6.82
>> Port 1022
>>
>> Host andreas.squeak.org
>> User YOURNAME
>> Hostname 10.176.200.8
>> ProxyCommand ssh -W %h:%p ian.squeak.org
>>
>> And then say 'ssh andreas.squeak.org'
>>
>> (c) You have OpenSSH < 5.4
>> Use variant (1)
>>
>> We will shortly start RSYNC-ing over data from box3 and box4 as well as replicating DNS entries before switching over.
>>
>> [ACTION REQUIRED]
>>
>> - Who needs access to which servers?
>> - Do we need Jenkins anymore?
>>
>> As always, questions appreciated.
>>
>> Best regards
>> -Tobias
>>
>>
>>
>>
>>
>
>
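The variant choice described in the quoted instructions, as an added example that is not part of the thread and not Tobias's or Chris's code: it reads the local `ssh -V` banner, picks variant (2a), (2b) or (1) by OpenSSH version, and prints the command to type on the local machine. The function names are made up here, and for variant (1) it uses `-f -N` instead of the thread's `-AN`, on the assumption that the second hop authenticates with local keys through the tunnel.

```shell
#!/bin/sh
# Added example, not from the thread. Gateway host, port and user are the
# ones Tobias gives; the function names are made up for this example.
GATEWAY_HOST=104.130.6.82
GATEWAY_PORT=1022
GATEWAY_USER=ssh

# Print "MAJOR MINOR" from an `ssh -V` banner such as "OpenSSH_7.2p2 ...".
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Map a banner to the variant from the thread: (2a) >= 7.3, (2b) >= 5.4, else (1).
pick_variant() {
    set -- $(openssh_version "$1")
    [ $# -eq 2 ] || { echo unknown; return 1; }
    if [ "$1" -gt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -ge 3 ]; }; then
        echo proxyjump
    elif [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 4 ]; }; then
        echo proxycommand
    else
        echo localforward
    fi
}

# Print the command line to run on the LOCAL machine.
# $1 = ssh -V banner, $2 = your user on the target, $3 = target private IPv4.
access_command() {
    case "$(pick_variant "$1")" in
    proxyjump)
        echo "ssh -J $GATEWAY_USER@$GATEWAY_HOST:$GATEWAY_PORT $2@$3" ;;
    proxycommand)
        echo "ssh -o ProxyCommand=\"ssh -l$GATEWAY_USER -p$GATEWAY_PORT -W %h:%p $GATEWAY_HOST\" $2@$3" ;;
    localforward)
        # -f puts the tunnel in the background once it is up, so the second
        # ssh is typed at the local prompt and never into the gateway session.
        echo "ssh -f -N -L22221:$3:22 -p$GATEWAY_PORT -l$GATEWAY_USER $GATEWAY_HOST && ssh -l$2 -p22221 localhost" ;;
    *)
        echo "unrecognised ssh -V banner" >&2; return 1 ;;
    esac
}

# Stand-alone use: sh gateway.sh YOURNAME PRIVATE_IP
if [ $# -eq 2 ]; then
    access_command "$(ssh -V 2>&1)" "$1" "$2"
fi
```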